Microsoft releases updated MS13-036 security patch

If you are following my coverage on Microsoft's Patch Tuesday here each month you have noticed that one of the patches that the company released this month caused severe issues for some Windows 7 users. Update 2823324, which is part of the bulletin MS13-036 fixes a vulnerability in the file system kernel-mode driver ntsf.sys. It was assigned a security rating of important - the second highest - rating available across all systems, and a moderate rating on Windows 7.

An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

The vulnerability allows local users to cause a denial of service attack or gain privileges using specifically crafted applications. Some Windows 7 users quickly learned about a side-effect of the first patch that Microsoft released on Patch Day. Their system would go in to an endless reboot cycle and Microsoft confirmed later that this was caused by a conflict with third party software installed on the computer system.

Microsoft today released an updated patch that resolves the issue that some Windows 7 users were facing. The new update is now listed under KB2840149 and it is suggested that Windows 7 users download and install it as soon as possible on their systems. The update is not only available via Microsoft's Download Center but also via Windows Update. If you have not booted your system for a while check for new updates in Windows Update and it should appear in the list of available updates there as well.

I recommend you uninstall update KB2823324 if it is still installed on the system before you do install the new one to avoid conflicts of any kind. Consult the guide linked above to find out how you can install the previous update on your operating system.

Update: The previous update, if still installed on the system, seems to be pulled automatically after you have installed the new update on your system.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.You can follow Martin on Facebook, Twitter or Google+

From my understanding the manual pull of the update of KB2823324 MS13-036 issued on 9 April is now not necessary as it has been over-ridden with the recently issued KB2840149 and will automatically pull the old update of 9 April. That’s why they need a reboot to get rid of the kernel hooks that they incorrectly implemented at that time. There is no need to uninstall: 2840149 will pull it.

Let me know if that is wrong, as the is my understanding from Technet.

On one of my computers (which I rarely use) I didn’t deinstall KB2823324 previously. After installing KB2840149 today, I see that KB2823324 is NOT pulled automaticly after reboot. Should I deinstall it manually, once and for all???

Huge problem! I could not restart PC few hours after I installed KB 2840149.I was able to turn off/on PC, but normal restart didn’t work so I uninstalled KB 2840149 and everything is OK now. How important that update is? I have Avast 8 Free as AV if that matters. I’ll check if restart is working without that update few more times.

# Julia, did you get a re-boot signal from the Windows Update? And did you re-boot? If you still have it after the 2840149 after install, then I agree with Martin: uninstall the KB2823324. To get a sense of proportion on this, most users have no problem. It was a screwed update by MS and affects 1% of users so there is no need to go too far — though why the old update wasn’t uninstalled I don’t know.. Go with Martin on this one.

#Julia. All is ok! stay with what Microsoft has done and pull the 2823324 as Martin recommends. It may be that it is on your update log but not applicable. Unfortunately Julia, I don’t know cos I pulled it 10 days ago.

And, seriously: it’s finished. It’s gone. Otherwise … contact me and we’ll both sue MS! You are as safe as you can be! The Microsofts have done it. Nice people.

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.